As if their government couldn't just track the smartphone or them via social media already.
https://www.lighthousereports.com/methodology/surveillance-s...
> Phone networks need to know where users are in order to route text messages and phone calls. Operators exchange signalling messages to request, and respond with, user location information. The existence of these signalling messages is not in itself a vulnerability. The issue is rather that networks process commands, such as location requests, from other networks, without being able to verify who is actually sending them and for what purpose.
> These signalling messages are never seen on a user’s phone. They are sent and received by “Global Titles” (GTs), phone numbers that represent nodes in a network but are not assigned to subscribers.
'Fun' fact: "other networks" includes all foreign networks with a roaming partnership. It's possible to abuse SS7 to track people across borders, from half the world away.
this also helped confirm the identity of the 2022 killer in idaho https://en.wikipedia.org/wiki/2022_University_of_Idaho_murde...
Political figures being there I somewhat understand, but a Netflix producer? Why would anyone need to track a Netflix producer?
netflix is a crucial tool of narrative control...
they are nowhere near "just producers"...
But it is highly ironic that these companies specialize in surveillance, tracking, and security, and then have a tendency to leave the data that they steal from others open to the Internet in a very amateurish security lapse that in turn leads to everyone stealing from them.
the group:
- dragged its feet on resolving SS7 security vulnerabilities
- repeatedly ignored input from DHS technical experts
- [identified] best practices.. using different filtering systems
- [but] pushed.. to rely on voluntary complianceI recently completed Barack Obama’s A Promised Land (a partial account of his presidency), and he mentions in his book that although he wanted to reform mass surveillance, it looked a little different once he was actually responsible for people’s safety. I often think about this when I drive past Flock cameras or walk into grocery stores; our leaders seem more enticed by the power of this technology than they are afraid of vague abuses happening in _not here_. It seems like no one sees a cost to just not addressing the issue.
By analogy, I feel that reporting on the dangers of fire isn’t really as effective as reporting on why we don’t have arson laws and fire alarms and social norms that make our society more robust to abuse of a useful capability. People who like cooked food aren’t going to engage with anti-fire positions if they just talk about people occasionally burning each other alive. We need to know more about what can be done to protect the average person from downsides of fire, as well as who is responsible for regulating fire and what their agenda for addressing it is. I’d love to see an article identifying who is responsible for installing these Flock cameras in my area, why they did so, and how we can achieve the positive outcomes desired from them (e.g. find car thieves) without the negatives (profiling, stalking, tracking non-criminals, etc).
If the police need your google search history thats ok as long as they can get a warrant showing they have justification and then perhaps at a delayed time, the account owner should be notified that this happened.
If they need access to your phone, rather than hacking it they should just take it off you and get the password from you.
This limits tracking since this is a fairly disruptive and visible thing and prevents just passive tracking of everyone all the time.
Businesses who use facial recognition for loss prevention should be legally required to only use their data for this purpose and never for marketing and analytics. They must not ever sell the data and delete it within a reasonable time.
1) It does not _prevent_ the most serious crimes. People who are going to murder or rape someone are often not mentally capable or understanding how likely they are to get caught or caring about it in the moment. It might help solve it but there's usually more than enough conventional evidence. And these crimes are typically not what people coordinate with others so surveilling communication does not help much.
2) Stealing? Maybe. I can imagine cameras dissuade some opportunists but then again, shoplifting is reportedly high with self-checkouts and those are packed with cameras. Other kinds like burglars will probably just learn to be more careful with gloves and masks. And surveilling communication does not help unless we're talking organized crime and those people should be competent enough to use encrypted comms even if the major platforms are backdoored.
3) Crimes of opportunity like vandalism. Again, cameras are enough, if they work at all. The extra fraction of idiots who would be caught because they brag only about setting a trash can on fire it negligible compared to the downsides.
---
What surveillance absolutely could deter and help catch is organized resistance like staging a protest/riot/insurrection or individuals doing research before an assassination.
And that's why politicians, who are the most likely victims of these crimes, want surveillance. And you might genuinely believe that no current politician in your country deserves to be shot or that the current government should not be overthrown.
But we have to keep in mind that the next government will inherit these systems. Nothing is permanent, no democracy will last forever.
Historically, most countries have periods of freedom and authoritarianism, separated by collapse or revolt. At some point, in your country too, people will need to rise up to reassert their rights again.
It's a matter of when, not if.
---
I see where you are coming from and there were times in my life where more surveillance would have helped my side but ultimately, it's a balancing act and surveillance tips the scale in favor of people who already have a lot of power.
(Downvote me for “being obtuse” but I’m pointing out unspoken assumption that’s worth considering)
Increasing the chance of criminals getting caught does a lot more for dissuading crime than increasing the penalties. Would you litter if you knew there was a 100% chance of getting a $50 fine?
It’s probably the case that politicians also don’t want to be the ones who blocked the data which would have lead to preventing a terrorist attack. And they get more visibility behind the scenes after taking the job.
But the point I am trying to make is that surveillance does not work to stop the crimes people actually care about. Even if your biggest fear is terrorism, surveillance is not gonna stop somebody ramming their car into a crowd. Those who want to create fear have a myriad of ways which cannot be stopped without absolute, total surveillance, which makes any kind of resistance impossible.
I don't wanna live in a society where I have a 10% chance to get caught littering. Not because I wanna litter but because at some point, I might find myself homeless and needing to steal food to not starve. Or I might find myself living in a dictatorship and needing to drone the fucker who's sending my friends/family to a gulag.
Everything has a price. If the price of reducing common crime by 10% reduces the chance of a successful revolution by 20%, then it's not worth it. Because people are only free as long as they revoke their consent. If 50% of the population agree they live in a dictatorship, they should have a way to remove the government, whether by a ballot box or an ammo box.
An ideal government with total surveillance is the best case. You get the benefits of low crime without the drawback of corruption and ideology. The problem is in practice:
- Large institutions aren’t good at exercising fine control: even if the leaders have truly good intentions, corrupt mid-level employees and inaccurate data lead to bad outcomes.
- Good leaders seem to often pick bad successors, and unless they frequently pick better successors, someone will eventually pick a corrupt one.
- Corrupt leaders seem to be good at ousting or sidelining good leaders, more than vice versa, perhaps because good leaders are less passionate about gaining and keeping power.
Perhaps there are other reasons. Not just ideal governments, but even self-preserving governments don’t tend to last. Hence, although decentralization and privacy are never ideal, they should exist at least for backup, “just in case” (inevitably in practice) the centralized surveillance system goes rouge.
Since governments and laws exist to ensure justice, freedom will always be the price we pay.
Governments mostly exist to coordinate resource usage to out compete other societies.
Some amount of justice and welfare and roads, or whatever other things (varied by society and time period), are what they pay us so that our compliance is mostly voluntary and is therefore substantially more efficient.
You can bicker over exact word choice and the minute, but this general form is how it's always been from the present all the way back into the ancient world.
This whole way of thinking makes my skin crawl.
Just like sex, any kind of power exchange needs consent.
This whole idea that people are led or need to be led is wrong. Perhaps some people do but that's their problem, it shouldn't be mine. What politicians are is decision makers, not leaders.
We don't have time to vote on every single law personally, so we appoint temporary assistants who do it for us, based on our preferences. That's how it should work.
These assistants should work for us, not lead us. We should always have the power to override their decisions and to remove and replace them at any time. Of course, making this work in a practical manner, while satisfying constraints such as secrecy of votes, is difficult. I don't dispute that but we should be striving to find ways to get as close to this ideal as possible, not making politics into a career or treating it as a reality show.
And most certainly, these assistants ("leaders" as you call them) should not be picking their successors without our consent.
And there are a lot of really weird discussions to be had about "consent," too. If we allow unlimited speech, that means that we're all subject to marketing and propaganda, and that's another thing that people are quite vulnerable to. Being convinced to vote via propaganda isn't really a great example of consent. But banning any speech that resembles propaganda is rife with problems.
Anyway, my point is that democracy/voting and free speech isn't necessarily the most free/consented-to form of government. I'm not sure what would take its place, though. I certainly wish I knew.
It seems inherent in your worldview that you lack faith in people to self govern (that is, for a person to govern themselves. Which would explain why you are at odds with the parent. I suggest you read a bit of Jefferson’s ideas of self governance, education, etc. There are tradeoffs as with everything else, I do think based solely on your short commentary here that there may be an opportunity for your perspective to be enriched however
Whether they pick them or you pick them, you still have the same problem.
Bad people often get into office. Politicians lie, major parties both run bad candidates, sometimes voters are of the inclination to just elect whoever they think will mount the strongest assault on the status quo.
Expecting that never to happen is a lot less pragmatic than setting things up ahead of time to mitigate the damage when it does.
This is absolutely a thing and it's a thing because at some point, people notice how little power they actually have.
Every person's opinion is a point in N-dimensional space.
Representative democracy is describing that point (expressing their political opinion) by picking 1 point out of a handful of pre-determined options (parties/representatives). Some countries only have 2 real choices.
That's absolutely insane, no wonder people feel like their vote doesn't matter, they often can't even find a choice remotely close to their real preferences.
The constraints of the office ought to account for that.
Hence the root problem, that we haven't discovered a way to consistently have "good" government, whether it's a dictatorship or democracy. Perhaps with technology, we can invent a better form of government, e.g. a "super-democracy" where people vote on individual decisions (though even today I can imagine issues that would cause).
Until then, the key point I make is that you can have a government where some people ("leaders") do have more power than others, but not enough power for total control. The hopefully-realistic ideal is that the government has enough power to defend itself against an external threat always, and coordinate large projects when functioning well; but not too much so that, when functioning badly, essential internal systems are preserved, and when it's replaced (because as mentioned it will eventually collapse) the transition is minimally disruptive.
We're pretty f-ing far from even having to think about those problems.
It also helps make the point of what it means to say “society is breaking down” or “democracy is at stake” or “faith in institutions in decline.” What it really means is that those whom were thought of as leaders no longer have the consent of the followers, who are making their own decisions now- often to ill effect of any strangers around them
*cf servant leadership as one particularly clear conceptualization
"Citizens will be on their best behavior because we are constantly recording and reporting everything that’s going on." -- Larry Ellison (who should not be anthropomorphized)
And Ellison is not even a politician, he doesn't even has any kind of immunity. Meanwhile, EU politicians want to impose Chat Control on everyone except them.
The core issue is that they see themselves as different from us.
Politics should not be a career. It should be something a person does for 5, at most 10 years max and after that they are back to being like everyone else, with 0 benefits (and with potentially more surveillance, I think politicians' finances should be under extra scrutiny for the rest of their lives).
That seems highly disingenuous or just ignorant. We publicly had this problem starting in the 1990s. The NSA used to have a program that would capture data but then encrypt it and protect it from random access. They discontinued that program and instituted a new one that had zero privacy protections in it.
This was right at the turn when the "war on terror" started. Which was the excuse then used to abandon the better program for the egregious one since it was projected to be better for this particular use case. It's debatable whether that was true or not.
> Flock cameras or walk into grocery stores
Record it if you want. Law enforcement, at any level, should require an actual warrant to access it in any form. This isn't a binary. You can enhance security and privacy at the same time.
It's the same "impose a small but poorly defined cost on everybody and act as though it's worth it because it maybe saves one defined life and therefore anyone who wants to call you out has an uphill battle" model you see used by bad people and dishonest comment section types the world over.
Society has no good way to reason about these "it's not much individually but when you do it to all of society it adds the F up" type downsides.
Like if you could save one life per year at the cost of making it take everyone an extra minute per day that's obviously not worth it at the scale of the united states because you're actually losing more life than you're saving.
But replace the "one minute" with something more subjective and nobody calls it out.
It boils down to one thing that allows these surveillance technologies to exist: public apathy.
This is a cowardly excuse. It's another way of saying that if you reform mass surveillance you'll be blamed for anything bad that subsequently happens, regardless of whether the mass surveillance would have prevented it. And bad things happen on a regular basis with or without mass surveillance, so then the politically risk-averse move is to not solve the problem you promised to solve and not expose yourself.
Which is cowardly specifically because the candidate's original position was correct. You can solve crimes without mass surveillance, or prevent them by reducing poverty etc. If you do those things then the chances of something bad happening go down instead of up.
And it will still not be zero -- it won't be zero no matter what you do -- but in that case you're only worried about adversarial pundits blaming you for things that weren't your fault, and adversarial pundits are going to do that regardless.
Why not HIBP (Have I Been Pwned) style site to check against the database if your number is in?
SS7: Locate. Track. Manipulate. [2014] https://media.ccc.de/v/31c3_-_6249_-_en_-_saal_1_-_201412271...
https://media.ccc.de/v/25c3-2997-en-locating_mobile_phones_u...
For example, this post could have been a product of just probing a particular group of people to understand if they are interested in the subject and what they have to say about it.
That can be done indirectly, by suggesting someone (offering a link or planting an idea) that is already known to be interested in surveillance and prone to share interesting discoveries (in other words, the poster might not even be aware he could be an asset).
Think about the many ways someone could know your interests and how prone you are to react to something and how that could be used. If you are in tech, think about all the silly ways that kind of information can leak publicly.
People often disregard the possibility that they could be an active part of a surveillance network (as an unkowingly asset), instead focusing on more fantastical ideas such as technological hacks or coding wizardry.
https://www.giosec.uk/specialist-services---geo-location.htm...
If your device privacy is a mess, mobile ID links you to all the good and bad things you do on a phone.
Had no idea this was part of the tool options, but backbone cell network makes sense.
Other TTPs I’d read about was variations on geo-fenced adserving to phish a mobile ID basically via user interaction or scroll past the ad. Small enough geofence and do it a few times, one could safely figure out the user being the ID. Googling “RTB surveillance” or “DSP surveillance” are ways into the topic.
Scary stuff! Pair that with this tech has been working for years, and is international. Frames a bit differently every action by a public figure - also at risk via the same threat model.
Also long have wondered what data analysis like this is done on technical forums… ran by a VC firm… with a lot of insider context (product market fit?) in the comments.
Femtocells and Fake Base Stations Attackers deploy femtocells — small cellular base stations — or fake base stations, commonly known as IMSI catchers, to intercept SS7 traffic. A modified femtocell can act as a man-in-the-middle, capturing signaling messages between a phone and the network.
Fake base stations mimic legitimate cell towers, tricking devices into connecting and relaying SS7 messages to the attacker’s system.
IMSI catchers exploit a known security vulnerability in the GSM specification, which requires the handset to authenticate to the network but does not require the network to authenticate to the handset. They broadcast a stronger signal than legitimate cell towers to lure mobile phones into connecting. Once connected, an IMSI catcher can force the transmission of the International Mobile Subscriber Identity (IMSI) and compel the connected mobile station to use no encryption or easily breakable encryption.
For 3G and LTE networks, sophisticated IMSI catcher attacks may involve downgrading the connection to less secure non-LTE network services to bypass enhanced security features. For example, a hacker might deploy a fake base station near a target to capture their IMSI and initiate SS7 queries.
https://www.how2lab.com/tech/mobile-communication/ss7-vulner...
aucisson_masque•4h ago
There is mention of fake antenna but I don't think they cover entire country with that, how do they do?
jonplackett•4h ago
This article answers none of my questions!
kipchak•4h ago
https://www.lighthousereports.com/methodology/surveillance-s...
CGMthrowaway•4h ago
The SMS are intercepted because thru SS7 by tricking the network into thinking the target phone is roaming (3).
(1)https://www.lighthousereports.com/methodology/surveillance-s...
(2)https://www.motherjones.com/politics/2025/10/firstwap-altami...
(3)https://www.fyno.io/blog/is-it-easy-to-intercept-sms-a-compl...
arkadiyt•4h ago
For anyone worried, this approach:
1) Breaks the existing phone from receiving WhatsApp messages, so you can notice that behavior
2) Can be prevented by setting up a WhatsApp pin in your settings
citizenpaul•4h ago
Horrifying that nearly banks still require you to use sms as a 2fa and do not offer any other alternative.
Did you really think the US Gov was OK with facebook running the biggest "encrypted" SMS system on earth. LOL of course they already had access to all the messages.
varenc•3h ago
bayindirh•3h ago
In my country banking applications are tied to your phone via IMEI, SIM and other hardware dependent information available.
Forget getting banking details and use another device without the user knowing, either.
If someone clones your SIM or gets a replacement in behalf of you, your all banking access is blocked until you enable them one by one with your ID card or other means.
One of the banks can use FaceID as a secondary factor, too.
So, other methods are possible. It's an "implementation detail" at this point.